Vulnerabilities > GOG > Galaxy > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-30 | CVE-2021-26807 | Untrusted Search Path vulnerability in GOG Galaxy 2.0.28.9 GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading. | 4.4 |
| 2020-08-21 | CVE-2020-24574 | Use of Hard-coded Credentials vulnerability in GOG Galaxy The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. | 6.9 |
| 2019-04-02 | CVE-2018-4051 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.47 An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. | 4.9 |